Infected, I think? Internet Explorer freezes PC?


  • This topic is locked
4 replies to this topic

#1 firsttaff

Posted 17 February 2012 - 07:10 AM

Hello,
For some weeks now I have had Internet Explorer, after some time, fail to load when I try to open a new window and then freeze. I have also been unable to open folders, and my only option was to restart.
My system is Windows XP SP3.
Here is the DDS log. Please note I was unable to get a log from the GMER utility, as my computer would freeze after around an hour. I tried several times.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Bryan at 17:38:11 on 2012-02-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2161 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: TalkTalk Security 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: TalkTalk Security 9.01 *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\TalkTalk\Security\Anti-Virus\fsgk32st.exe
C:\Program Files\TalkTalk\Security\Common\FSMA32.EXE
C:\Program Files\TalkTalk\Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TalkTalk\Security\Common\FSHDLL32.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\TalkTalk\Security\Anti-Virus\fssm32.exe
C:\Program Files\TalkTalk\Security\FWES\Program\fsdfwd.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\TalkTalk\Security\Anti-Virus\fsav32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\talktalk\security\nrs\iescript\baselitmus.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Wanadoo: {8b68564d-53fd-4293-b80c-993a9f3988ee} -
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\talktalk\security\nrs\iescript\baselitmus.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\talktalk\security\fsps\program\FSLSP.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250439229671
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268159900671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{973516E3-0CBC-4542-9E36-69E604271403} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-3-29 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-3-29 82120]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-7 64512]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\talktalk\security\hips\drivers\fshs.sys [2011-3-29 68064]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\talktalk\security\anti-virus\fsgk32st.exe [2011-3-29 215648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-1 652360]
R2 TomTomHOMEService;TomTomHOMEService;f:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\talktalk\security\anti-virus\minifilter\fsgk.sys [2011-3-29 148632]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\talktalk\security\orsp client\fsorsp.exe [2011-3-29 61088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-1 20464]
S1 atitray;atitray;\??\c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [?]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\Ca1528av.sys [2011-2-28 516480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\Bulk1528.sys [2011-2-28 11648]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-14 40776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate1ca147758b86a28;Google Update Service (gupdate1ca147758b86a28);c:\program files\google\update\GoogleUpdate.exe [2009-8-3 133104]
.
=============== Created Last 30 ================
.
2012-02-16 11:55:18 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 11:55:18 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 19:04:08 -------- d-----w- C:\VOLUME_2
2012-02-14 12:29:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-14 11:50:52 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-02-14 11:50:52 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-02-14 11:50:51 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-02-14 11:50:51 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-02-14 11:50:51 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-02-14 11:50:22 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-02-14 11:50:20 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-02-14 11:50:18 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-02-14 11:50:15 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-02-14 11:50:13 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-02-14 11:48:59 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2012-02-14 11:47:59 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2012-02-14 11:46:59 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2012-02-14 11:45:59 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-02-14 11:44:55 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-02-14 11:43:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-02-14 11:42:59 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2012-02-14 11:41:59 77386 -c--a-w- c:\windows\system32\dllcache\el656nd5.sys
2012-02-14 11:40:59 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2012-02-14 11:39:59 89952 -c--a-w- c:\windows\system32\dllcache\b1cbase.sys
2012-02-14 11:38:39 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-02-13 14:47:24 -------- d-----w- c:\program files\Glorylogic
2012-02-12 17:03:00 -------- d-----w- c:\documents and settings\bryan e shayle\application data\Xilisoft
2012-02-12 16:50:08 -------- d-----w- c:\program files\Xilisoft
2012-02-12 16:50:08 -------- d-----w- c:\documents and settings\all users\application data\Xilisoft
2012-02-05 18:53:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-02 14:19:44 -------- d-----w- c:\documents and settings\bryan e shayle\application data\ElevatedDiagnostics
2012-02-01 11:42:50 -------- d-----w- c:\documents and settings\bryan e shayle\application data\Malwarebytes
2012-02-01 11:42:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 11:42:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-01 11:42:36 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-01 10:23:13 -------- d-----w- c:\program files\Ccleaner Business Edition x64 x86 Tom_Da_Man
2012-01-23 08:31:33 -------- d-----w- c:\documents and settings\bryan e shayle\local settings\application data\jZip
2012-01-23 08:31:15 -------- d-----w- c:\program files\jZip
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-05-04 12:09:38 81242 ----a-w- c:\program files\Uninstall.exe
2009-07-10 22:38:40 278528 -c--a-w- c:\program files\common files\FDEUnInstaller.exe
.
============= FINISH: 17:40:10.90 ===============

#2 Casey_boy

  • Malware Response Team

Posted 22 February 2012 - 05:55 AM

Hi there,

Step 1: I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove in the Control Panel and remove any two of Ad-Aware, AVG or TalkTalk Security.

Step 2: I would also remove Spybot Search & Destroy. It is a pretty outdated piece of security software and is not capable of dealing with today's threats. In addition, its TeaTimer component can cause issues for other programs on your PC.

Let me know how your PC behaves after uninstalling the above programs.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.
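
The overlap described in the reply above can be read straight out of the DDS log in post #1. The following is an added example, not part of the original thread and not DDS's own code: it parses the `AV:`/`FW:` header lines and the service lines, lists which security products have running (`R`) components, and shows which of those do not appear in the header at all. The product map, patterns and function names are assumptions made for this example; the sample lines are excerpted from the log above.

```python
import re

# Excerpt of the DDS log in post #1: AV:/FW: header lines and some service lines.
SAMPLE_LOG = r"""
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: TalkTalk Security 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: TalkTalk Security 9.01 *Enabled*
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\talktalk\security\anti-virus\minifilter\fsgk.sys [2011-3-29 148632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-1 20464]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
"""

# Assumed, non-exhaustive map: product -> (image-path pattern, header keyword).
PRODUCTS = {
    "AVG": (r"\\avg\\|\\avg\w*\.(sys|exe)$", "avg"),
    "Ad-Aware": (r"\\lavasoft\\", "lavasoft"),
    "TalkTalk Security": (r"\\talktalk\\security\\", "talktalk"),
    "Malwarebytes": (r"\\malwarebytes|\\mbam\w*\.sys$", "malwarebytes"),
}

HEADER_RE = re.compile(r"^(AV|FW): (.+?) \*([^*]+)\*", re.M)
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$", re.M)


def registered(log):
    """(kind, name, state) for each AV:/FW: line in the DDS header."""
    return HEADER_RE.findall(log)


def resident_products(log):
    """Map product -> names of its services/drivers that DDS marks running (R)."""
    found = {}
    for state, _start, name, _display, path in SERVICE_RE.findall(log):
        if state != "R":
            continue  # S = stopped, so it is not intercepting file access now
        for product, (path_pat, _kw) in PRODUCTS.items():
            if re.search(path_pat, path.lower()):
                found.setdefault(product, []).append(name)
    return found


def unregistered_resident(log):
    """Resident products that the AV:/FW: header lines do not mention."""
    header = " ".join(name.lower() for _k, name, _s in registered(log))
    return sorted(p for p in resident_products(log) if PRODUCTS[p][1] not in header)


if __name__ == "__main__":
    for product, parts in sorted(resident_products(SAMPLE_LOG).items()):
        print(f"{product}: {', '.join(parts)}")
    print("running but absent from AV:/FW: header:", unregistered_resident(SAMPLE_LOG))
```

On this excerpt the header names only Ad-Watch and TalkTalk Security, while the service lines show AVG's resident shield driver loaded as well, so the header alone understates how many products are hooking file access.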




#3 firsttaff


Posted 24 February 2012 - 10:39 AM

Hello,
Thank you for your helpful reply. I attempted to uninstall the programs you advised; however, the PC just kept freezing up halfway through the install, and after a few hours of struggling with it, and as I have not done so for a few years, I thought it would be easier to just do a reinstall, which is what I did. I hope you do not feel I have wasted your time, as I am most grateful for the help and advice I received. Thank you again.
Bryan

#4 Casey_boy


Posted 24 February 2012 - 10:41 AM

Hi Bryan,

Not a problem - thanks for letting me know :)

Casey



#5 Casey_boy


Posted 24 February 2012 - 10:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
